feat: add encrypt backup using public key, migrate gpg to go gpg dependency
This commit is contained in:
Jonas Kaninda
@@ -296,12 +296,12 @@ func encryptBackup(config *BackupConfig) {
|
||||
if config.usingKey {
|
||||
err := encryptWithGPGPublicKey(filepath.Join(tmpPath, config.backupFileName), config.publicKey)
|
||||
if err != nil {
|
||||
utils.Fatal("Error during encrypting backup %v", err)
|
||||
utils.Fatal("error during encrypting backup %v", err)
|
||||
}
|
||||
} else if config.passphrase != "" {
|
||||
err := encryptWithGPGSymmetric(filepath.Join(tmpPath, config.backupFileName), config.passphrase)
|
||||
err := encryptWithGPG(filepath.Join(tmpPath, config.backupFileName), config.passphrase)
|
||||
if err != nil {
|
||||
utils.Fatal("Error during encrypting backup %v", err)
|
||||
utils.Fatal("error during encrypting backup %v", err)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -12,50 +12,59 @@ import (
|
||||
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||
"github.com/jkaninda/pg-bkup/utils"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// decryptWithGPGSymmetric decrypts backup file using a passphrase
|
||||
func decryptWithGPGSymmetric(inputFile string, passphrase string) error {
|
||||
// decryptWithGPG decrypts backup file using a passphrase
|
||||
func decryptWithGPG(inputFile string, passphrase string) error {
|
||||
utils.Info("Decrypting backup using passphrase...")
|
||||
|
||||
//Create gpg home dir
|
||||
err := utils.MakeDirAll(gpgHome)
|
||||
// Read the encrypted file
|
||||
encFileContent, err := os.ReadFile(inputFile)
|
||||
if err != nil {
|
||||
return err
|
||||
return errors.New(fmt.Sprintf("Error reading encrypted file: %s", err))
|
||||
}
|
||||
utils.SetEnv("GNUPGHOME", gpgHome)
|
||||
cmd := exec.Command("gpg", "--batch", "--passphrase", passphrase, "--output", RemoveLastExtension(inputFile), "--decrypt", inputFile)
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
|
||||
err = cmd.Run()
|
||||
// Define the passphrase used to encrypt the file
|
||||
_passphrase := []byte(passphrase)
|
||||
// Create a PGP message object from the encrypted file content
|
||||
encryptedMessage := crypto.NewPGPMessage(encFileContent)
|
||||
// Decrypt the message using the passphrase
|
||||
plainMessage, err := crypto.DecryptMessageWithPassword(encryptedMessage, _passphrase)
|
||||
if err != nil {
|
||||
return err
|
||||
return errors.New(fmt.Sprintf("Error decrypting file: %s", err))
|
||||
}
|
||||
|
||||
// Save the decrypted file (restore it)
|
||||
err = os.WriteFile(RemoveLastExtension(inputFile), plainMessage.GetBinary(), 0644)
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error saving decrypted file: %s", err))
|
||||
}
|
||||
utils.Info("Decrypting backup using passphrase...done")
|
||||
utils.Info("Backup file decrypted successful!")
|
||||
return nil
|
||||
}
|
||||
|
||||
// encryptWithGPGSymmetric encrypts backup using a passphrase
|
||||
func encryptWithGPGSymmetric(inputFile string, passphrase string) error {
|
||||
// encryptWithGPG encrypts backup using a passphrase
|
||||
func encryptWithGPG(inputFile string, passphrase string) error {
|
||||
utils.Info("Encrypting backup using passphrase...")
|
||||
|
||||
//Create gpg home dir
|
||||
err := utils.MakeDirAll(gpgHome)
|
||||
// Read the file to be encrypted
|
||||
plainFileContent, err := os.ReadFile(inputFile)
|
||||
if err != nil {
|
||||
return err
|
||||
return errors.New(fmt.Sprintf("Error reading file: %s", err))
|
||||
}
|
||||
utils.SetEnv("GNUPGHOME", gpgHome)
|
||||
cmd := exec.Command("gpg", "--batch", "--passphrase", passphrase, "--symmetric", "--cipher-algo", algorithm, inputFile)
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
// Define the passphrase to encrypt the file
|
||||
_passphrase := []byte(passphrase)
|
||||
|
||||
err = cmd.Run()
|
||||
// Create a message object from the file content
|
||||
message := crypto.NewPlainMessage(plainFileContent)
|
||||
// Encrypt the message using the passphrase
|
||||
encryptedMessage, err := crypto.EncryptMessageWithPassword(message, _passphrase)
|
||||
if err != nil {
|
||||
return err
|
||||
return errors.New(fmt.Sprintf("Error encrypting backup file: %s", err))
|
||||
}
|
||||
// Save the encrypted .tar file
|
||||
err = os.WriteFile(fmt.Sprintf("%s.%s", inputFile, gpgExtension), encryptedMessage.GetBinary(), 0644)
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Error saving encrypted filee: %s", err))
|
||||
}
|
||||
utils.Info("Encrypting backup using passphrase...done")
|
||||
utils.Info("Backup file encrypted successful!")
|
||||
@@ -88,7 +97,7 @@ func encryptWithGPGPublicKey(inputFile string, publicKey string) error {
|
||||
return errors.New(fmt.Sprintf("Error reading file: %v", err))
|
||||
}
|
||||
|
||||
// encryptWithGPGSymmetric the file
|
||||
// encryptWithGPG the file
|
||||
message := crypto.NewPlainMessage(fileContent)
|
||||
encMessage, err := keyRing.Encrypt(message, nil)
|
||||
if err != nil {
|
||||
@@ -149,7 +158,7 @@ func decryptWithGPGPrivateKey(inputFile, privateKey, passphrase string) error {
|
||||
return errors.New(fmt.Sprintf("Error reading encrypted file: %s", err))
|
||||
}
|
||||
|
||||
// decryptWithGPGSymmetric the file
|
||||
// decryptWithGPG the file
|
||||
encryptedMessage := crypto.NewPGPMessage(encFileContent)
|
||||
message, err := keyRing.Decrypt(encryptedMessage, nil, 0)
|
||||
if err != nil {
|
||||
|
||||
@@ -10,7 +10,6 @@ import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"github.com/jkaninda/pg-bkup/utils"
|
||||
"gopkg.in/yaml.v3"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
@@ -140,24 +139,6 @@ func testDatabaseConnection(db *dbConfig) {
|
||||
utils.Info("Successfully connected to %s database", db.dbName)
|
||||
|
||||
}
|
||||
func readConf(filename string) (*Config, error) {
|
||||
configFile := filepath.Join("", filename)
|
||||
if utils.FileExists(configFile) {
|
||||
buf, err := os.ReadFile(configFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
c := &Config{}
|
||||
err = yaml.Unmarshal(buf, c)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("in file %q: %w", filename, err)
|
||||
}
|
||||
|
||||
return c, err
|
||||
}
|
||||
return nil, fmt.Errorf("config file %q not found", filename)
|
||||
}
|
||||
func checkPubKeyFile(pubKey string) (string, error) {
|
||||
utils.Info("Checking file %s ...", pubKey)
|
||||
// Define possible key file names
|
||||
|
||||
@@ -81,13 +81,13 @@ func RestoreDatabase(db *dbConfig, conf *RestoreConfig) {
|
||||
utils.Error("Error, passphrase or private key required")
|
||||
utils.Fatal("Your file seems to be a GPG file.\nYou need to provide GPG keys. GPG_PASSPHRASE or GPG_PRIVATE_KEY environment variable is required.")
|
||||
} else {
|
||||
//decryptWithGPGSymmetric file
|
||||
err := decryptWithGPGSymmetric(filepath.Join(tmpPath, conf.file), conf.passphrase)
|
||||
//decryptWithGPG file
|
||||
err := decryptWithGPG(filepath.Join(tmpPath, conf.file), conf.passphrase)
|
||||
if err != nil {
|
||||
utils.Fatal("Error decrypting file %s %v", file, err)
|
||||
}
|
||||
//Update file name
|
||||
file = RemoveLastExtension(file)
|
||||
conf.file = RemoveLastExtension(file)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user